Unix security suggestion

Barry Shein bzs at encore.com
Sun Nov 20 08:24:48 AEST 1988


From: scs at athena.mit.edu (Steve Summit)
>One of the disturbing things about Unix security is that bugs in
>the protection mechanisms tend to be catastrophic: they don't
>just let you do some little unintended thing; more often than not
>they let you do anything, as root.

I don't know why you imply that somehow unix is more susceptible to
such security bugs than other systems, do you base this on anything or
did it just sound good at the time? I can list various serious
security bugs that have cropped up in other O/S's just as inherent to
their design, or misfeatures.

>Of course, in Computer Science, as in Mathematics, as in Nature,
>everything drains towards 0, so the fact that uid 0 is both the
>superuser and the most likely accidental value can be seen as an
>invitation to disaster.
>
>If only the kernel tested for superuser status neither with
>
>	if(!u.u_uid)
>
>nor with
>
>	if(u.uid == 0)
>
>but with
>
>	if(u.uid == SUPERUSER)

I'm not sure I go along with your theory that zero is the most common
random number or whatever it was you were postulating.

Actually, modern kernels use an suser() boolean function, although
I'll guarantee you a lot of utilities do assume the superuser id is 0.

It can be done but someone will have to demonstrate the effectiveness
of bothering.

In the current panic/mob-mentality mode I see on this list tho it will
hardly need justification, every stupid idea ever thought of will be
implemented somewhere.

The real "problem" with Unix is simple:

Unix, for many years of its life, was a maverick system supported by
basically no one although hacked on by many. Now suddenly in the last
year or two everyone woke up (IMHO) and decided that Unix is was right
all along. That's very nice, but the years of malice and neglect show
at this point.

It's too bad that people wasted billions and billions on brain-damaged
upper-case operating systems for so many years (and still do) and
sneered at Unix but that's history, you can't retrieve the money they
wasted although some of those folks oughta be vilified for their
myopia, most of them are probably too busy declaring themselves Unix
gurus.

Unix wasn't exactly ignored either, it was the victim over the years
of many carefully constructed campaigns to destroy it, the most
vicious of which involved vigorous vendor attempts to get people who
brought Unix into shops fired. Most of them today take out full page
ads declaring themselves to be *the* Unix vendor.

Maybe folks are venting their anger at the wrong folks. Sun for
example didn't screw you, they saved you by demonstrating to the world
that Unix can be good business and legitimizing it. At least you're on
a reasonable path now to get some work done and shop for the hardware
you need rather than what's shoved down your throat.

Give it a few years and maybe these problems will be solved, and most
likely with it Unix will become expensive...

	-Barry Shein, ||Encore||



More information about the Comp.unix.wizards mailing list